felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-02-21 09:27:51 +01:00
Code Issues Projects Releases Wiki Activity

nixfmt

Browse Source
This commit is contained in:
Vegard Bieker Matthey
2026-02-20 18:18:09 +01:00
parent 18167dca0a
commit dc8a6c8c71
127 changed files with 3804 additions and 2402 deletions
Download Patch File Download Diff File Expand all files Collapse all files

410
modules/gickup/default.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, lib, utils, ... }:
{
config,
pkgs,
lib,
utils,
...
}:
let
cfg = config.services.gickup;
format = pkgs.formats.yaml { };
@@ -45,113 +51,125 @@ in
};
instances = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule (submoduleInputs@{ name, ... }: let
submoduleName = name;
type = lib.types.attrsOf (
lib.types.submodule (
submoduleInputs@{ name, ... }:
let
submoduleName = name;
nameParts = rec {
repoType = builtins.head (lib.splitString ":" submoduleName);
nameParts = rec {
repoType = builtins.head (lib.splitString ":" submoduleName);
owner = if repoType == "any"
then null
else lib.pipe submoduleName [
owner =
if repoType == "any" then
null
else
lib.pipe submoduleName [
(lib.removePrefix "${repoType}:")
(lib.splitString "/")
builtins.head
];
repo = if repoType == "any"
then null
else lib.pipe submoduleName [
repo =
if repoType == "any" then
null
else
lib.pipe submoduleName [
(lib.removePrefix "${repoType}:")
(lib.splitString "/")
lib.last
];
slug = if repoType == "any"
then lib.toLower (builtins.replaceStrings [ ":" "/" ] [ "-" "-" ] submoduleName)
else "${lib.toLower repoType}-${lib.toLower owner}-${lib.toLower repo}";
};
in {
options = {
interval = lib.mkOption {
type = lib.types.str;
default = "daily";
example = "weekly";
description = ''
Specification (in the format described by {manpage}`systemd.time(7)`) of the time
interval at which to run the service.
'';
};
type = lib.mkOption {
type = lib.types.enum [
"github"
"gitlab"
"gitea"
"gogs"
"bitbucket"
"onedev"
"sourcehut"
"any"
];
example = "github";
default = nameParts.repoType;
description = ''
The type of the repository to mirror.
'';
};
owner = lib.mkOption {
type = with lib.types; nullOr str;
example = "go-gitea";
default = nameParts.owner;
description = ''
The owner of the repository to mirror (if applicable)
'';
};
repo = lib.mkOption {
type = with lib.types; nullOr str;
example = "gitea";
default = nameParts.repo;
description = ''
The name of the repository to mirror (if applicable)
'';
};
slug = lib.mkOption {
type = lib.types.str;
default = nameParts.slug;
example = "github-go-gitea-gitea";
description = ''
The slug of the repository to mirror.
'';
};
description = lib.mkOption {
type = with lib.types; nullOr str;
example = "A project which does this and that";
description = ''
A description of the project. This isn't used directly by gickup for anything,
but can be useful if gickup is used together with cgit or similar.
'';
};
settings = lib.mkOption {
description = "Instance specific settings, see gickup configuration file";
type = lib.types.submodule {
freeformType = format.type;
slug =
if repoType == "any" then
lib.toLower (builtins.replaceStrings [ ":" "/" ] [ "-" "-" ] submoduleName)
else
"${lib.toLower repoType}-${lib.toLower owner}-${lib.toLower repo}";
};
default = { };
example = {
username = "gickup";
password = "hunter2";
wiki = true;
issues = true;
in
{
options = {
interval = lib.mkOption {
type = lib.types.str;
default = "daily";
example = "weekly";
description = ''
Specification (in the format described by {manpage}`systemd.time(7)`) of the time
interval at which to run the service.
'';
};
type = lib.mkOption {
type = lib.types.enum [
"github"
"gitlab"
"gitea"
"gogs"
"bitbucket"
"onedev"
"sourcehut"
"any"
];
example = "github";
default = nameParts.repoType;
description = ''
The type of the repository to mirror.
'';
};
owner = lib.mkOption {
type = with lib.types; nullOr str;
example = "go-gitea";
default = nameParts.owner;
description = ''
The owner of the repository to mirror (if applicable)
'';
};
repo = lib.mkOption {
type = with lib.types; nullOr str;
example = "gitea";
default = nameParts.repo;
description = ''
The name of the repository to mirror (if applicable)
'';
};
slug = lib.mkOption {
type = lib.types.str;
default = nameParts.slug;
example = "github-go-gitea-gitea";
description = ''
The slug of the repository to mirror.
'';
};
description = lib.mkOption {
type = with lib.types; nullOr str;
example = "A project which does this and that";
description = ''
A description of the project. This isn't used directly by gickup for anything,
but can be useful if gickup is used together with cgit or similar.
'';
};
settings = lib.mkOption {
description = "Instance specific settings, see gickup configuration file";
type = lib.types.submodule {
freeformType = format.type;
};
default = { };
example = {
username = "gickup";
password = "hunter2";
wiki = true;
issues = true;
};
};
};
};
};
}));
}
)
);
};
};
@@ -197,114 +215,122 @@ in
};
}
//
# Overrides for mirrors which are not "daily"
(lib.pipe cfg.instances [
builtins.attrValues
(builtins.filter (instance: instance.interval != "daily"))
(map ({ slug, interval, ... }: {
name = "gickup@${slug}";
value = {
overrideStrategy = "asDropin";
timerConfig.OnCalendar = interval;
};
}))
builtins.listToAttrs
]);
# Overrides for mirrors which are not "daily"
(lib.pipe cfg.instances [
builtins.attrValues
(builtins.filter (instance: instance.interval != "daily"))
(map (
{ slug, interval, ... }:
{
name = "gickup@${slug}";
value = {
overrideStrategy = "asDropin";
timerConfig.OnCalendar = interval;
};
}
))
builtins.listToAttrs
]);
systemd.targets.timers.wants = map ({ slug, ... }: "gickup@${slug}.timer") (lib.attrValues cfg.instances);
systemd.targets.timers.wants = map ({ slug, ... }: "gickup@${slug}.timer") (
lib.attrValues cfg.instances
);
systemd.services = {
"gickup@" = let
configDir = lib.pipe cfg.instances [
(lib.mapAttrsToList (name: instance: {
name = "${instance.slug}.yml";
path = format.generate "gickup-configuration-${name}.yml" {
destination.local = [ cfg.destinationSettings ];
source.${instance.type} = [
(
(lib.optionalAttrs (instance.type != "any") {
user = instance.owner;
includeorgs = [ instance.owner ];
include = [ instance.repo ];
})
//
instance.settings
)
];
};
}))
(pkgs.linkFarm "gickup-configuration-files")
];
in {
description = "Gickup git repository mirroring service for %i";
after = [ "network.target" ];
"gickup@" =
let
configDir = lib.pipe cfg.instances [
(lib.mapAttrsToList (
name: instance: {
name = "${instance.slug}.yml";
path = format.generate "gickup-configuration-${name}.yml" {
destination.local = [ cfg.destinationSettings ];
source.${instance.type} = [
(
(lib.optionalAttrs (instance.type != "any") {
user = instance.owner;
includeorgs = [ instance.owner ];
include = [ instance.repo ];
})
// instance.settings
)
];
};
}
))
(pkgs.linkFarm "gickup-configuration-files")
];
in
{
description = "Gickup git repository mirroring service for %i";
after = [ "network.target" ];
path = [
cfg.gitPackage
cfg.gitLfsPackage
];
restartIfChanged = false;
serviceConfig = {
Type = "oneshot";
ExecStart = "'${pkgs.gickup}/bin/gickup' '${configDir}/%i.yml'";
ExecStartPost = "";
User = "gickup";
Group = "gickup";
BindPaths = lib.optionals (cfg.dataDir != "/var/lib/gickup") [
"${cfg.dataDir}:/var/lib/gickup"
path = [
cfg.gitPackage
cfg.gitLfsPackage
];
Slice = "system-gickup.slice";
restartIfChanged = false;
SyslogIdentifier = "gickup-%i";
StateDirectory = "gickup";
# WorkingDirectory = "gickup";
# RuntimeDirectory = "gickup";
# RuntimeDirectoryMode = "0700";
serviceConfig = {
Type = "oneshot";
ExecStart = "'${pkgs.gickup}/bin/gickup' '${configDir}/%i.yml'";
ExecStartPost = "";
# https://discourse.nixos.org/t/how-to-prevent-custom-systemd-service-from-restarting-on-nixos-rebuild-switch/43431
RemainAfterExit = true;
User = "gickup";
Group = "gickup";
# Hardening options
AmbientCapabilities = [];
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
# ProtectProc = "invisible";
# ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
# SystemCallFilter = [
# "@system-service"
# "~@resources"
# "~@privileged"
# ];
UMask = "0002";
CapabilityBoundingSet = [];
BindPaths = lib.optionals (cfg.dataDir != "/var/lib/gickup") [
"${cfg.dataDir}:/var/lib/gickup"
];
Slice = "system-gickup.slice";
SyslogIdentifier = "gickup-%i";
StateDirectory = "gickup";
# WorkingDirectory = "gickup";
# RuntimeDirectory = "gickup";
# RuntimeDirectoryMode = "0700";
# https://discourse.nixos.org/t/how-to-prevent-custom-systemd-service-from-restarting-on-nixos-rebuild-switch/43431
RemainAfterExit = true;
# Hardening options
AmbientCapabilities = [ ];
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
# ProtectProc = "invisible";
# ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
# SystemCallFilter = [
# "@system-service"
# "~@resources"
# "~@privileged"
# ];
UMask = "0002";
CapabilityBoundingSet = [ ];
};
};
};
};
};
}

7
modules/gickup/hardlink-files.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.gickup;
in

7
modules/gickup/import-from-toml.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.gickup;

7
modules/gickup/set-description.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.gickup;
in

79
modules/gickup/update-linktree.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.gickup;
in
@@ -20,50 +25,52 @@ in
wantedBy = [ "gickup.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = let
script = pkgs.writeShellApplication {
name = "gickup-update-symlink-tree.sh";
runtimeInputs = [
pkgs.coreutils
pkgs.findutils
];
text = ''
shopt -s nullglob
ExecStart =
let
script = pkgs.writeShellApplication {
name = "gickup-update-symlink-tree.sh";
runtimeInputs = [
pkgs.coreutils
pkgs.findutils
];
text = ''
shopt -s nullglob
for repository in ./*/*/*; do
REPOSITORY_RELATIVE_DIRS=''${repository#"./"}
for repository in ./*/*/*; do
REPOSITORY_RELATIVE_DIRS=''${repository#"./"}
echo "Checking $REPOSITORY_RELATIVE_DIRS"
echo "Checking $REPOSITORY_RELATIVE_DIRS"
declare -a REVISIONS
readarray -t REVISIONS < <(find "$repository" -mindepth 1 -maxdepth 1 -printf "%f\n" | sort --numeric-sort --reverse)
declare -a REVISIONS
readarray -t REVISIONS < <(find "$repository" -mindepth 1 -maxdepth 1 -printf "%f\n" | sort --numeric-sort --reverse)
if [[ "''${#REVISIONS[@]}" == 0 ]]; then
echo "Found no revisions for $repository, continuing"
continue
fi
if [[ "''${#REVISIONS[@]}" == 0 ]]; then
echo "Found no revisions for $repository, continuing"
continue
fi
LAST_REVISION="''${REVISIONS[0]}"
SYMLINK_PATH="../linktree/''${REPOSITORY_RELATIVE_DIRS}"
LAST_REVISION="''${REVISIONS[0]}"
SYMLINK_PATH="../linktree/''${REPOSITORY_RELATIVE_DIRS}"
mkdir -p "$(dirname "$SYMLINK_PATH")"
mkdir -p "$(dirname "$SYMLINK_PATH")"
EXPECTED_SYMLINK_TARGET=$(realpath "''${repository}/''${LAST_REVISION}")
EXISTING_SYMLINK_TARGET=$(realpath "$SYMLINK_PATH" || echo "<none>")
EXPECTED_SYMLINK_TARGET=$(realpath "''${repository}/''${LAST_REVISION}")
EXISTING_SYMLINK_TARGET=$(realpath "$SYMLINK_PATH" || echo "<none>")
if [[ "$EXISTING_SYMLINK_TARGET" != "$EXPECTED_SYMLINK_TARGET" ]]; then
echo "Updating symlink for $REPOSITORY_RELATIVE_DIRS"
rm "$SYMLINK_PATH" ||:
ln -rs "$EXPECTED_SYMLINK_TARGET" "$SYMLINK_PATH"
else
echo "Symlink already up to date, continuing..."
fi
if [[ "$EXISTING_SYMLINK_TARGET" != "$EXPECTED_SYMLINK_TARGET" ]]; then
echo "Updating symlink for $REPOSITORY_RELATIVE_DIRS"
rm "$SYMLINK_PATH" ||:
ln -rs "$EXPECTED_SYMLINK_TARGET" "$SYMLINK_PATH"
else
echo "Symlink already up to date, continuing..."
fi
echo "---"
done
'';
};
in lib.getExe script;
echo "---"
done
'';
};
in
lib.getExe script;
User = "gickup";
Group = "gickup";